In the Claims:



1. (presently amended) A method of generating RSA cryptographic values, the
method comprising the steps of: 

obtaining entity specific information (B) about a user; 

obtaining a first secret seed value (Wp) and a second secret seed value (Wq); 

obtaining a third, publicly known, randomization value (IV) having a first portion 
(IVp) and a second portion (IVq); 

dividing a potential range of RSA encryption values into a first interval and a second 
interval; 

generating a first initial value (XXp) based on the first secret seed value (Wp), the 
second secret seed value (Wq) and the first portion of the third randomization value (IVp); 

mapping the first initial value to an entity specific segment of the first interval
utilizing the obtained entity specific information (B) to provide a mapped first initial value 
(Xp); 

selecting a first user dependent RSA cryptographic value (p) from the entity specific 
segment of the first interval utilizing the mapped first initial value as a starting point for a 
search for the first user dependent RSA cryptographic value; 

generating a second initial value (XXq) based on the first user dependent RSA 
cryptographic value (p), the second secret seed value (Wq) and the first portion of the third 
randomization value (IVq); 

mapping the second initial value to an entity specific segment of the second interval
utilizing the obtained entity specific information to provide a mapped second initial value
(Xq);

selecting a second user dependent RSA cryptographic value (q) from the entity
specific segment of the second interval utilizing the mapped second initial value as a starting
point for a search for the second user dependent RSA cryptographic value; and

generating an RSA cryptographic key value for use in encrypting data utilizing the 
first and second user dependent RSA cryptographic values p and q. 



In re: Matyas et al.
Serial No.: 09/357,483 
Filed: July 20, 1999 
Page 3 of 31 



2. (original) A method according to Claim 1, further comprising the step of 
generating auxiliary prime divisors corresponding to the first user dependent RSA 
cryptographic value (p) and the second user dependent RSA cryptographic value (q). 

3. (original) A method according to Claim 2, wherein the auxiliary prime 
divisors are generated based upon the first secret seed value (Wp), the second secret seed 
value (Wq) and the third randomization value (IV). 

4. (original) A method according to Claim 3, wherein $p_0$ is a publicly known
prime number whose length is at least n bits and g is a public generator, and wherein the step
of generating auxiliary prime divisors comprises the steps of: 

concatenating the first secret seed value (Wp), the second secret seed value (Wq) and 
the third randomization value (IV) so as to provide an exponent value (X); 

determining an initial random value by determining $Y = g^{X} \bmod p_0$;

selecting initial prime search values from the initial random value; 

setting the most significant bit of the initial prime search values to "1" to provide final 
prime search values; and 

selecting as the prime divisors the smallest prime value greater than or equal to the 
final prime search values. 

5. (original) A method according to Claim 4, further comprising the steps of:

selecting at least one of a new first secret seed value (Wp), a new second secret seed 
value (Wq) and a new third randomization value (IV) if the length of at least one of the prime 
divisors is greater than the length of the final prime search values; and 

re-generating the prime divisors if the length of at least one of the prime divisors is 
greater than the length of the final prime search values. 



6. (original) A method according to Claim 4, wherein the initial prime 
search values have a first length if a public encryption exponent (e) has an odd value and a 
second length of the public encryption exponent (e) has an even value. 

7. (original) A method according to Claim 5, wherein the first length is 120
bits and the second length is 118 bits. 

8. (original) A method according to Claim 1, wherein the entity specific 
segments comprise the segments $[A + (B(C-A))/2^{b},\ A + ((B+1)(C-A))/2^{b}]$ wherein A and C are
the endpoints of the respective intervals and the entity specific information comprises b bits.

9. (original) A method according to Claim 8, wherein the RSA
cryptographic values comprise n bits and wherein the first interval comprises RSA
cryptographic values from the set of $[\sqrt{2}\,(2^{n-1}),\ 2^{n-1} + 2^{n-3/2}]$ and the second interval
comprises RSA cryptographic values from the set of $[2^{n-1} + 2^{n-3/2},\ 2^{n}]$.



10. (previously presented) A method according to Claim 9, wherein the binary size 
of the RSA cryptographic values are 2n, a size m is n-b-2 and wherein the step of mapping 
the first initial value comprises the steps of: 

linearly mapping the first initial value to an entity specific segment of the first interval
utilizing the obtained entity specific information (B) utilizing the linear mapping function

$G_{1,u}(x) = 4\left(1 - \frac{1}{\sqrt{2}}\right)x + \sqrt{2}\,2^{n-1} + 4\left(1 - \frac{1}{\sqrt{2}}\right)(B - 1)\,2^{m-1}$; and

selecting as the mapped first initial value (Xp) the integer value which is not greater
than the first initial value (XXp) mapped utilizing the mapping function $G_{1,u}$; and

wherein the step of mapping the second initial value comprises the step of linearly
mapping the second initial value to an entity specific segment of the second interval utilizing
the obtained entity specific information (B) utilizing the linear mapping function; and

selecting as the mapped second initial value (Xq) the integer value which is not greater
than the second initial value (XXq) mapped utilizing the mapping function $G_{2,u}$.



11. (original) A method according to Claim 1, wherein the entity specific
information is biometric information. 



12. (original) A method according to Claim 1, wherein the entity specific
information is a globally unique user identification. 

13. (original) A method according to Claim 1, further comprising the steps of:

determining if a candidate for p is considered outside the range of RSA cryptographic 
values in the entity specific segment of the first interval; 

selecting at least one of a new first secret seed value (Wp), a new second secret seed 
value (Wq) and a new third randomization value (IV) if a candidate for p is considered 
outside the range of RSA cryptographic values in the entity specific segment of the first 
interval; 

determining if a candidate for q is considered outside the range of RSA cryptographic 
values in the entity specific segment of the second interval; 

selecting at least one of a new first secret seed value (Wp), a new second secret seed 
value (Wq) and a new third randomization value (IV) if a candidate for q is considered 
outside the range of RSA cryptographic values in the entity specific segment of the second 
interval; and 

restarting the cryptographic value generation utilizing the first and second secret seed 
values and third randomization value if either a candidate for p is considered outside the 
range of RSA cryptographic values in the entity specific segment of the first interval or if a 
candidate for q is considered outside the range of RSA cryptographic values in the entity 
specific segment of the second interval. 

14. (original) A method according to Claim 1 further comprising the steps of: 
determining if 2^^-l candidates for p have been rejected in selecting the first user 

dependent RSA cryptographic value; 

selecting at least one of a new first secret seed value (Wp), a new second secret seed 
value (Wq) and a new third randomization value (IV) if 2^^-l candidates for p have been 
rejected in selecting the first user dependent RSA cryptographic value; 

determining if 2^^-l candidates for q have been rejected in selecting the second user 
dependent RSA cryptographic value; 

selecting at least one of a new first secret seed value (Wp), a new second secret seed
value (Wq) and a new third randomization value (IV) if 2^^-l candidates for q have been 
rejected in selecting the second user dependent RSA cryptographic value; and 

restarting the cryptographic generation utilizing the first and second secret seed values 
and third randomization value if either 2^^-l candidates for p have been rejected in selecting 
the first user dependent RSA cryptographic value or if 2^^-l candidates for q have been 
rejected in selecting the second user dependent RSA cryptographic value. 

15. (original) A method according to Claim 1, wherein the step of generating 
a first initial value comprises the steps of: 

mixing a concatenation of Wq and IVq utilizing a publicly known mixing function; 
concatenating Wp and IVp; and 

EXCLUSIVE-ORing the mixed concatenation of Wq and IVq and the concatenation 
Wp and IVp to provide the first initial value (XXp); and 

wherein the step of generating a second initial value comprises the steps of: 
EXCLUSIVE ORing p and IVp; 

mixing the EXCLUSIVE OR of p and IVp utilizing the publicly known mixing 
function; 

concatenating Wq and IVq; and 

EXCLUSIVE-ORing the mixed EXCLUSIVE OR of p and IVp and the concatenation 
of Wq and IVq to provide the second initial value (XXq). 

16. (original) A method according to Claim 1, further comprising the step of
authenticating generated candidate RSA cryptographic values. 

17. (previously presented) A method of authenticating an RSA cryptographic value
comprising the steps of: 

recovering two candidate prime values utilizing a RSA public modulus (N) and a 
private signature exponent (d); 

establishing a first of two prime values as a first candidate cryptographic value (p') 
and the second of the two prime values as a second candidate cryptographic value (q'); 

recovering first and second candidate seed values Wp' and Wq' from the first and
second candidate cryptographic values p' and q' and from the third publicly known seed value
IV;

generating first and second RSA cryptographic values p" and q" utilizing Wp' and Wq'
and IV; and

comparing p' and p" and q' and q" to authenticate the RSA cryptographic values.

18. (original) A method according to Claim 17, further comprising the step of 
determining that the RSA cryptographic values are not authentic if p' and q' are values outside 
the user defined segments of the first and second intervals. 

19. (original) A method according to Claim 17, wherein the first of the two 
prime numbers is a smaller of the two prime numbers. 

20. (original) A method according to Claim 17, wherein the step of 
recovering first and second candidate seed values Wp' and Wq' from the first and second 
candidate cryptographic values p' and q' and from the third publicly known seed value IV
comprises the steps of: 

inverse mapping the second candidate value q' to provide a first initial value Sq; 

EXCLUSIVE ORing the first candidate cryptographic value p' and IVp; 

mixing the EXCLUSIVE OR of the first candidate cryptographic value p' and IVp 
with the publicly known mixing function; 

EXCLUSIVE ORing the mixed EXCLUSIVE OR of the first candidate cryptographic 
value p' and IVp with IVq to provide a first known value (Nq) having a length (j); 

determining if a value corresponding to the j least significant bits of Sq is less than the 
first known value Nq; 

EXCLUSIVE ORing the n-j most significant bits of the mixed concatenation of the 
first candidate cryptographic value p' and IVp with the n-j most significant bits of Sq if the 
value corresponding to the j least significant bits of the first subsequent value is not less than 
the first known value Nq, to provide the second candidate seed value; 

EXCLUSIVE ORing the n-j most significant bits of the mixed concatenation of the 
first candidate cryptographic value p' and IVp with 1 subtracted from the value corresponding
to the n-j most significant bits of Sq if the value corresponding to the j least significant bits of 
the first subsequent value is less than the first known value Nq, to provide the second 
candidate seed value; 

inverse mapping the first candidate value p' to provide a second initial value Sp;

concatenating the second candidate seed value and IVq; 

mixing the concatenation of the second candidate seed value and IVq with the publicly 
known mixing function; 

EXCLUSIVE ORing the mixed concatenation of the second candidate seed value and 
IVq with IVp to provide a second known value Np having a length (j);

determining if a value corresponding to the j least significant bits of Sp is less than the 
second known value Np; 

EXCLUSIVE ORing the n-j most significant bits of the mixed concatenation of the
second candidate seed value and IVq with the n-j most significant bits of Sp if value 
corresponding to the j least significant bits of the second subsequent value is not less than the 
second known value Np, to provide the first candidate seed value; 

EXCLUSIVE ORing the n-j most significant bits of the mixed concatenation of the 
second candidate seed value and IVq with 1 subtracted from the value corresponding to the n- 
j most significant bits of Sp if the value corresponding to the j least significant bits of the 
second subsequent value is less than the second known value Np, to provide the first 
candidate seed value. 



21. (original) A method according to Claim 20, wherein j is 256 bits. 



22. (presently amended) A system for generating an RSA cryptographic, utilizing 
entity specific information (B) about a user, a first secret seed value (Wp) and a second secret 
seed value (Wq), and a third, publicly known, randomization value (IV) having a first portion 
(IVp) and a second portion (IVq), comprising: 

means for dividing a potential range of RSA encryption values into a first interval and 
a second interval; 

means for generating a first initial value (XXp) based on the first secret seed value
(Wp), the second secret seed value (Wq) and the first portion of the third randomization value 
(IVp); 

means for mapping the first initial value to an entity specific segment of the first
interval utilizing the obtained entity specific information (B) to provide a mapped first initial 
value (Xp); 

means for selecting a first user dependent RSA cryptographic value (p) from the 
entity specific segment of the first interval utilizing the mapped first initial value as a starting 
point for a search for the first user dependent RSA cryptographic value; 

means for generating a second initial value (XXq) based on the first user dependent 
RSA cryptographic value (p), the second secret seed value (Wq) and the first portion of the 
third randomization value (IVq); 

means for mapping the second initial value to an entity specific segment of the
second interval utilizing the obtained entity specific information to provide a mapped second 
initial value (Xq); 

means for selecting a second user dependent RSA cryptographic value (q) from the 
entity specific segment of the second interval utilizing the mapped second initial value as a 
starting point for a search for the second user dependent RSA cryptographic value; and 

means for generating an RSA cryptographic key value for use in encrypting data 
utilizing the first and second user dependent RSA cryptographic values p and q. 

23. (original) A system according to Claim 22, further comprising means for 
authenticating generated candidate RSA cryptographic values. 

24. (previously presented) A system for authenticating a message, comprising:

means for recovering two candidate prime values utilizing a RSA public modulus (n)
and a private signature exponent (d) of the encrypted message;

means for establishing a first of two prime values as a first candidate cryptographic
value (p') and the second of the two prime values as a second candidate cryptographic value
(q');

means for recovering first and second candidate seed values Wp' and Wq' from the
first and second candidate cryptographic values p' and q' and from the third publicly known
seed value IV;

means for generating first and second RSA cryptographic values p" and q" utilizing
Wp' and Wq' and IV; and

means for comparing p' and p" and q' and q" to authenticate the message.

25. (presently amended) A computer program product for generating an RSA 
cryptographic value, utilizing entity specific information (B) about a user, a first secret seed 
value (Wp) and a second secret seed value (Wq), and a third, publicly known, randomization 
value (IV) having a first portion (IVp) and a second portion (IVq), comprising: 

a computer readable storage medium having computer readable program code 
embodied in said medium, said computer readable program code comprising: 

computer readable code which divides a potential range of RSA encryption values 
into a first interval and a second interval; 

computer readable code which generates a first initial value (XXp) based on the first 
secret seed value (Wp), the second secret seed value (Wq) and the first portion of the third 
randomization value (IVp); 

computer readable code which maps the first initial value to an entity specific
segment of the first interval utilizing the obtained entity specific information (B) to provide a 
mapped first initial value (Xp); 

computer readable code which selects a first user dependent RSA cryptographic value 
(p) from the entity specific segment of the first interval utilizing the mapped first initial value 
as a starting point for a search for the first user dependent RSA cryptographic value; 

computer readable code which generates a second initial value (XXq) based on the 
first user dependent RSA cryptographic value (p), the second secret seed value (Wq) and the 
first portion of the third randomization value (IVq); 

computer readable code which maps the second initial value to an entity specific
segment of the second interval utilizing the obtained entity specific information to provide a 
mapped second initial value (Xq); and 

computer readable code which selects a second user dependent RSA cryptographic 
value (q) from the entity specific segment of the second interval utilizing the mapped second 
initial value as a starting point for a search for the second user dependent RSA cryptographic
value. 

26. (original) A computer program product according to Claim 25, further 
comprising computer readable code which authenticates generated candidate RSA 
cryptographic values. 

27. (previously presented) A computer program product for authenticating an RSA
cryptographic value, comprising: 

a computer readable storage medium having computer readable program code 
embodied in said medium, said computer readable program code comprising: 

computer readable code which recovers two candidate prime values utilizing a RSA 
public modulus (n) and a private signature exponent (d) of the encrypted message; 

computer readable code which establishes a first of the two prime values as a first 
candidate cryptographic value (p') and the second of the two prime values as a second 
candidate cryptographic value (q'); 

computer readable code which recovers first and second candidate seed values Wp' 
and Wq' from the first and second candidate cryptographic values p' and q' and from the third
publicly known seed value IV; 

computer readable code which generates first and second RSA cryptographic values 
p" and q" utilizing Wp' and Wq' and IV; and 

computer readable code which compares p' and p" and q' and q" to authenticate the
message. 

28. (previously presented) A system according to Claim 22, further comprising
means for generating auxiliary prime divisors corresponding to the first user dependent RSA 
cryptographic value (p) and the second user dependent RSA cryptographic value (q). 

29. (previously presented) A system according to Claim 28, wherein the auxiliary
prime divisors are generated based upon the first secret seed value (Wp), the second secret
seed value (Wq) and the third randomization value (IV).

30. (previously presented) A method according to Claim 29, wherein $p_0$ is a
publicly known prime number whose length is at least n bits and g is a public generator, and
wherein the means for generating auxiliary prime divisors comprises:

means for concatenating the first secret seed value (Wp), the second secret seed value
(Wq) and the third randomization value (IV) so as to provide an exponent value (X);

means for determining an initial random value by determining $Y = g^{X} \bmod p_0$;

means for selecting initial prime search values from the initial random value; 

means for setting the most significant bit of the initial prime search values to "1" to 
provide final prime search values; and 

means for selecting as the prime divisors the smallest prime value greater than or 
equal to the final prime search values. 

31. (previously presented) A system according to Claim 30, further comprising:

means for selecting at least one of a new first secret seed value (Wp), a new second
secret seed value (Wq) and a new third randomization value (IV) if the length of at least one
of the prime divisors is greater than the length of the final prime search values; and 

means for re-generating the prime divisors if the length of at least one of the prime 
divisors is greater than the length of the final prime search values. 

32. (previously presented) A system according to Claim 30, wherein the initial
prime search values have a first length if a public encryption exponent (e) has an odd value
and a second length of the public encryption exponent (e) has an even value.

33. (previously presented) A system according to Claim 31, wherein the first
length is 120 bits and the second length is 118 bits.

34. (previously presented) A system according to Claim 22, wherein the entity
specific segments comprise the segments $[A + (B(C-A))/2^{b},\ A + ((B+1)(C-A))/2^{b}]$ wherein A
and C are the endpoints of the respective intervals and the entity specific information
comprises b bits.

35. (previously presented) A method according to Claim 34, wherein the RSA
cryptographic values comprise n bits and wherein the first interval comprises RSA
cryptographic values from the set of $[\sqrt{2}\,(2^{n-1}),\ 2^{n-1} + 2^{n-3/2}]$ and the second interval
comprises RSA cryptographic values from the set of $[2^{n-1} + 2^{n-3/2},\ 2^{n}]$.

36. (previously presented) A system according to Claim 35, wherein the binary
size of the RSA cryptographic values are 2n, a size m is n-b-2 and wherein the means for 
mapping the first initial value comprises: 

means for linearly mapping the first initial value to an entity specific segment of the
first interval utilizing the obtained entity specific information (B) utilizing the linear mapping
function

$G_{1,u}(x) = 4\left(1 - \frac{1}{\sqrt{2}}\right)x + \sqrt{2}\,2^{n-1} + 4\left(1 - \frac{1}{\sqrt{2}}\right)(B - 1)\,2^{m-1}$; and

means for selecting as the mapped first initial value (Xp) the integer value which is
not greater than the first initial value (XXp) mapped utilizing the mapping function $G_{1,u}$; and

wherein the means for mapping the second initial value comprises means for linearly
mapping the second initial value to an entity specific segment of the second interval utilizing
the obtained entity specific information (B) utilizing the linear mapping function

$G_{2,u}(x) = 4\left(1 - \frac{1}{\sqrt{2}}\right)x + 2^{n-1} + 2^{n-3/2} + 4\left(1 - \frac{1}{\sqrt{2}}\right)(B - 1)\,2^{m-1}$; and

means for selecting as the mapped second initial value (Xq) the integer value which is
not greater than the second initial value (XXq) mapped utilizing the mapping function $G_{2,u}$.

37. (previously presented) A system according to Claim 22, further 
comprising: 

means for determining if a candidate for p is considered outside the range of RSA 
cryptographic values in the entity specific segment of the first interval; 

means for selecting at least one of a new first secret seed value (Wp), a new second 
secret seed value (Wq) and a new third randomization value (IV) if a candidate for p is 
considered outside the range of RSA cryptographic values in the entity specific segment of 
the first interval; 

means for determining if a candidate for q is considered outside the range of RSA
cryptographic values in the entity specific segment of the second interval; 

means for selecting at least one of a new first secret seed value (Wp), a new second 
secret seed value (Wq) and a new third randomization value (IV) if a candidate for q is 
considered outside the range of RSA cryptographic values in the entity specific segment of 
the second interval; and 

means for restarting the cryptographic value generation utilizing the first and second 
secret seed values and third randomization value if either a candidate for p is considered 
outside the range of RSA cryptographic values in the entity specific segment of the first 
interval or if a candidate for q is considered outside the range of RSA cryptographic values in 
the entity specific segment of the second interval. 




38. (previously presented) A system according to Claim 22 further comprising: 
means for determining if 2*^-1 candidates for p have been rejected in selecting the 

first user dependent RSA cryptographic value; 

means for selecting at least one of a new first secret seed value (Wp), a new second 
secret seed value (Wq) and a new third randomization value (IV) if 2^*^-1 candidates for p 
have been rejected in selecting the first user dependent RSA cryptographic value; 

means for determining if 2**^-1 candidates for q have been rejected in selecting the 
second user dependent RSA cryptographic value; 

means for selecting at least one of a new first secret seed value (Wp), a new second 
secret seed value (Wq) and a new third randomization value (IV) if 2^^-l candidates for q 
have been rejected in selecting the second user dependent RSA cryptographic value; and 

means for restarting the cryptographic generation utilizing the first and second secret 
seed values and third randomization value if either 2*^-1 candidates for p have been rejected 
in selecting the first user dependent RSA cryptographic value or if 2^^-l candidates for q have 
been rejected in selecting the second user dependent RSA cryptographic value. 

39. (previously presented) A system according to Claim 22, wherein the means for 
generating a first initial value comprises: 

means for mixing a concatenation of Wq and IVq utilizing a publicly known mixing 
function;

means for concatenating Wp and IVp; and 

means for EXCLUSIVE-ORing the mixed concatenation of Wq and IVq and the 
concatenation Wp and IVp to provide the first initial value (XXp); and 

wherein the means for generating a second initial value comprises: 
means for EXCLUSIVE ORing p and IVp; 

means for mixing the EXCLUSIVE OR of p and IVp utilizing the publicly known 
mixing function; 

means for concatenating Wq and IVq; and 

means for EXCLUSIVE-ORing the mixed EXCLUSIVE OR of p and IVp and the 
concatenation of Wq and IVq to provide the second initial value (XXq). 

40. (previously presented) A system according to Claim 24, further comprising 
means for determining that the RSA cryptographic values are not authentic if p' and q' are
values outside the user defined segments of the first and second intervals. 

41. (previously presented) A system according to Claim 24, wherein the first of the 
two prime numbers is a smaller of the two prime numbers. 

42. (previously presented) A system according to Claim 24 wherein the means for 
recovering first and second candidate seed values Wp' and Wq' from the first and second 
candidate cryptographic values p' and q' and from the third publicly known seed value IV 
comprises: 

means for inverse mapping the second candidate value q' to provide a first initial
value Sq;

means for EXCLUSIVE ORing the first candidate cryptographic value p' and IVp;

means for mixing the EXCLUSIVE OR of the first candidate cryptographic value p'
and IVp with the publicly known mixing function;

means for EXCLUSIVE ORing the mixed EXCLUSIVE OR of the first candidate
cryptographic value p' and IVp with IVq to provide a first known value (Nq) having a length
(j);

means for determining if a value corresponding to the j least significant bits of Sq is
less than the first known value Nq; 

means for EXCLUSIVE ORing the n-j most significant bits of the mixed 
concatenation of the first candidate cryptographic value p' and IVp with the n-j most 
significant bits of Sq if the value corresponding to the j least significant bits of the first 
subsequent value is not less than the first known value Nq, to provide the second candidate 
seed value; 

means for EXCLUSIVE ORing the n-j most significant bits of the mixed 
concatenation of the first candidate cryptographic value p' and IVp with 1 subtracted from the 
value corresponding to the n-j most significant bits of Sq if the value corresponding to the j 
least significant bits of the first subsequent value is less than the first known value Nq, to 
provide the second candidate seed value; 

means for inverse mapping the first candidate value p' to provide a second initial 
value Sp; 

means for concatenating the second candidate seed value and IVq; 

means for mixing the concatenation of the second candidate seed value and IVq with 
the publicly known mixing function;

means for EXCLUSIVE ORing the mixed concatenation of the second candidate seed 
value and IVq with IVp to provide a second known value Np having a length (j); 

means for determining if a value corresponding to the j least significant bits of Sp is 
less than the second known value Np; 

means for EXCLUSIVE ORing the n-j most significant bits of the mixed 
concatenation of the second candidate seed value and IVq with the n-j most significant bits of
Sp if value corresponding to the j least significant bits of the second subsequent value is not 
less than the second known value Np, to provide the first candidate seed value; and 

means for EXCLUSIVE ORing the n-j most significant bits of the mixed 
concatenation of the second candidate seed value and IVq with 1 subtracted from the value 
corresponding to the n-j most significant bits of Sp if the value corresponding to the j least 
significant bits of the second subsequent value is less than the second known value Np, to 
provide the first candidate seed value. 

43. (previously presented) A computer program product according to Claim 25,
further comprising computer program code which generates auxiliary prime divisors
corresponding to the first user dependent RSA cryptographic value (p) and the second user
dependent RSA cryptographic value (q). 



44. (previously presented) A computer program product according to Claim 43,
wherein the auxiliary prime divisors are generated based upon the first secret seed value 
(Wp), the second secret seed value (Wq) and the third randomization value (IV). 

45. (previously presented) A computer program product according to Claim 44, 
wherein po is a publicly known prime number whose length is at least n bits and is a public 
generator, and wherein the computer program code which generates auxiliary prime divisors 
comprises: 

computer program code which concatenates the first secret seed value (Wp), the 
second secret seed value (Wq) and the third randomization value (IV) so as to provide an 
exponent value (X); 

computer program code which determines an initial random value by determining 

computer program code which selects initial prime search values from the initial 
random value; 

computer program code which sets the most significant bit of the initial prime search 
values to "1" to provide final prime search values; and 

computer program code which selects as the prime divisors the smallest prime value 
greater than or equal to the final prime search values. 



46. (previously presented) A computer program product according to Claim 45, 
further comprising: 

computer program code which selects at least one of a new first secret seed value 
(Wp), a new second secret seed value (Wq) and a new third randomization value (IV) if the 
length of at least one of the prime divisors is greater than the length of the final prime search 
values; and 

computer program code which re-generates the prime divisors if the length of at least 
one of the prime divisors is greater than the length of the final prime search values. 



47. (previously presented) A computer program product according to Claim 45, 
wherein the initial prime search values have a first length if a public encryption exponent (e) 
has an odd value and a second length if the public encryption exponent (e) has an even value. 

48. (previously presented) A computer program product according to Claim 46, 
wherein the first length is 120 bits and the second length is 118 bits. 

49. (previously presented) A computer program product according to Claim 25, 
wherein the entity specific segments comprise the segments 
$[A + (B(C-A))/2^{b},\ A + ((B+1)(C-A))/2^{b}]$ wherein A and C are the endpoints of the 
respective intervals and the entity specific information comprises b bits. 

50. (previously presented) A computer program product according to Claim 49, 
wherein the RSA cryptographic values comprise n bits and wherein the first interval 
comprises RSA cryptographic values from the set of $[\sqrt{2}(2^{n-1}),\ 2^{n-1} + 2^{n-3/2}]$ and the 
second interval comprises RSA cryptographic values from the set of $[2^{n-1} + 2^{n-3/2},\ 2^{n}]$. 

51. (previously presented) A computer program product according to Claim 50, 
wherein the binary size of the RSA cryptographic values are 2n, a size m is n-b-2 and wherein 
the computer program code which maps the first initial value comprises: 

computer program code which linearly maps the first initial value to an entity specific 
segment of the first interval utilizing the obtained entity specific information (B) utilizing the 
linear mapping function 
$G_{1,B}(x) = 4\left(1 - \frac{1}{\sqrt{2}}\right)x + \sqrt{2}\,2^{n-1} + 4\left(1 - \frac{1}{\sqrt{2}}\right)(B - 1)2^{m-1}$; and 

computer program code which selects as the mapped first initial value (Xp) the integer 
value which is not greater than the first initial value (XXp) mapped utilizing the mapping 
function $G_{1,B}$; and 

wherein the computer program code which maps the second initial value comprises 

computer program code which linearly maps the second initial value to an entity specific 
segment of the second interval utilizing the obtained entity specific information (B) utilizing 
the linear mapping function 
$G_{2,B}(x) = 4\left(1 - \frac{1}{\sqrt{2}}\right)x + 2^{n-1} + 2^{n-3/2} + 4\left(1 - \frac{1}{\sqrt{2}}\right)(B - 1)2^{m-1}$; and 

computer program code which selects as the mapped second initial value (Xq) the 
integer value which is not greater than the second initial value (XXq) mapped utilizing the 
mapping function $G_{2,B}$. 

52. (previously presented) A computer program product according to Claim 25, 
further comprising: 

computer program code which determines if a candidate for p is considered outside 
the range of RSA cryptographic values in the entity specific segment of the first interval; 

computer program code which selects at least one of a new first secret seed value 
(Wp), a new second secret seed value (Wq) and a new third randomization value (IV) if a 
candidate for p is considered outside the range of RSA cryptographic values in the entity 
specific segment of the first interval; 

computer program code which determines if a candidate for q is considered outside 
the range of RSA cryptographic values in the entity specific segment of the second interval; 

computer program code which selects at least one of a new first secret seed value 
(Wp), a new second secret seed value (Wq) and a new third randomization value (IV) if a 
candidate for q is considered outside the range of RSA cryptographic values in the entity 
specific segment of the second interval; and 

computer program code which restarts the cryptographic value generation utilizing the 
first and second secret seed values and third randomization value if either a candidate for p is 
considered outside the range of RSA cryptographic values in the entity specific segment of 
the first interval or if a candidate for q is considered outside the range of RSA cryptographic 
values in the entity specific segment of the second interval. 
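
As an added illustration of Claims 49, 50 and 52 (not code from the application), the following Python sketch computes the two intervals and an entity's segment with integer arithmetic, maps a value into the segment, and searches upward for a prime, returning None when the search leaves the segment. The function names, the generic linear scaling in `map_to_segment` (an assumption used in place of the claimed mapping functions), and any sizes passed in are illustrative only.

```python
from math import isqrt

def intervals(n):
    """Claim 50: split [sqrt(2)*2^(n-1), 2^n] at 2^(n-1) + 2^(n-3/2)."""
    low = isqrt(1 << (2 * n - 1)) + 1          # first integer above sqrt(2)*2^(n-1)
    mid = (1 << (n - 1)) + isqrt(1 << (2 * n - 3))
    return (low, mid), (mid, 1 << n)

def segment(interval, B, b):
    """Claim 49: [A + B(C-A)/2^b, A + (B+1)(C-A)/2^b], using integer floors."""
    A, C = interval
    return A + ((B * (C - A)) >> b), A + (((B + 1) * (C - A)) >> b)

def map_to_segment(x, x_bits, seg):
    """Assumed generic linear map of an x_bits-wide value into seg, rounded down."""
    lo, hi = seg
    return lo + ((x * (hi - lo)) >> x_bits)

def is_prime(c):
    """Miller-Rabin; these bases are deterministic well beyond toy sizes."""
    if c < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for q in bases:
        if c % q == 0:
            return c == q
    d, s = c - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        y = pow(a, d, c)
        if y in (1, c - 1):
            continue
        for _ in range(s - 1):
            y = pow(y, 2, c)
            if y == c - 1:
                break
        else:
            return False
    return True

def select_prime(start, seg):
    """Search upward from start; None means the candidate left the segment (Claim 52)."""
    c = start | 1
    while c < seg[1]:
        if is_prime(c):
            return c
        c += 2
    return None

def in_segment(value, interval, B, b):
    """Membership check for entity B's segment (half-open to avoid double counting)."""
    lo, hi = segment(interval, B, b)
    return lo <= value < hi
```

A caller that receives None from `select_prime` would choose new seed or randomization values and restart, as Claim 52 recites.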

53. (previously presented) A computer program product according to Claim 25 
further comprising: 

computer program code which determines if 2^^-l candidates for p have been rejected 
in selecting the first user dependent RSA cryptographic value; 

computer program code which selects at least one of a new first secret seed value 
(Wp), a new second secret seed value (Wq) and a new third randomization value (IV) if 2*^-1 
candidates for p have been rejected in selecting the first user dependent RSA cryptographic 
value; 

computer program code which determines if 2*^-1 candidates for q have been rejected 
in selecting the second user dependent RSA cryptographic value; 

computer program code which selects at least one of a new first secret seed value 
(Wp), a new second secret seed value (Wq) and a new third randomization value (IV) if 2*^-1 
candidates for q have been rejected in selecting the second user dependent RSA 
cryptographic value; and 

computer program code which restarts the cryptographic generation utilizing the first 
and second secret seed values and third randomization value if either 2^^-l candidates for p 
have been rejected in selecting the first user dependent RSA cryptographic value or if 2^^- 1 
candidates for q have been rejected in selecting the second user dependent RSA 
cryptographic value. 



54. (previously presented) A computer program product according to Claim 25, 
wherein the computer program code which generates a first initial value comprises: 

computer program code which mixes a concatenation of Wq and IVq utilizing a 
publicly known mixing function; 

computer program code which concatenates Wp and IVp; and 

computer program code which EXCLUSIVE-ORs the mixed concatenation of Wq and 
IVq and the concatenation Wp and IVp to provide the first initial value (XXp); and 

wherein the computer program code which generates a second initial value comprises: 

computer program code which EXCLUSIVE ORs p and IVp; 

computer program code which mixes the EXCLUSIVE OR of p and IVp utilizing the 
publicly known mixing function; 

computer program code which concatenates Wq and IVq; and 

computer program code which EXCLUSIVE-ORs the mixed EXCLUSIVE OR of p 
and IVp and the concatenation of Wq and IVq to provide the second initial value (XXq). 

55. (previously presented) A computer program product according to Claim 27, 
further comprising computer program code which determines that the RSA cryptographic 
values are not authentic if p' and q' are values outside the user defined segments of the first 
and second intervals. 

56. (previously presented) A computer program product according to Claim 27, 
wherein the first of the two prime numbers is a smaller of the two prime numbers. 

57. (previously presented) A computer program product according to Claim 27 
wherein the computer program code which recovers first and second candidate seed values 
Wp' and Wq' from the first and second candidate cryptographic values p' and q' and from the 
third publicly known seed value IV comprises: 

computer program code which inverse maps the second candidate value q' to provide 
a first initial value Sq; 

computer program code which EXCLUSIVE ORs the first candidate cryptographic 
value p' and IVp; 

computer program code which mixes the EXCLUSIVE OR of the first candidate 
cryptographic value p' and IVp with the publicly known mixing function; 

computer program code which EXCLUSIVE ORs the mixed EXCLUSIVE OR of the 
first candidate cryptographic value p' and IVp with IVq to provide a first known value (Nq) 
having a length (j); 

computer program code which determines if a value corresponding to the j least 
significant bits of Sq is less than the first known value Nq; 

computer program code which EXCLUSIVE ORs the n-j most significant bits of the 
mixed concatenation of the first candidate cryptographic value p' and IVp with the n-j most 
significant bits of Sq if the value corresponding to the j least significant bits of the first 
subsequent value is not less than the first known value Nq, to provide the second candidate 
seed value; 

computer program code which EXCLUSIVE ORs the n-j most significant bits of the 
mixed concatenation of the first candidate cryptographic value p' and IVp with 1 subtracted 
from the value corresponding to the n-j most significant bits of Sq if the value corresponding 
to the j least significant bits of the first subsequent value is less than the first known value Nq, 
to provide the second candidate seed value; 

computer program code which inverse maps the first candidate value p' to provide a 
second initial value Sp; 

computer program code which concatenates the second candidate seed value and IVq; 

computer program code which mixes the concatenation of the second candidate seed 
value and IVq with the publicly known mixing function; 

computer program code which EXCLUSIVE ORs the mixed concatenation of the 
second candidate seed value and IVq with IVp to provide a second known value Np having a 
length (j); 

computer program code which determines if a value corresponding to the j least 
significant bits of Sp is less than the second known value Np; 

computer program code which EXCLUSIVE ORs the n-j most significant bits of the 
mixed concatenation of the second candidate seed value and IVq with the n-j most significant 
bits of Sp if the value corresponding to the j least significant bits of the second subsequent value 
is not less than the second known value Np, to provide the first candidate seed value; and 

computer program code which EXCLUSIVE ORs the n-j most significant bits of the 
mixed concatenation of the second candidate seed value and IVq with 1 subtracted from the 
value corresponding to the n-j most significant bits of Sp if the value corresponding to the j 
least significant bits of the second subsequent value is less than the second known value Np, 
to provide the first candidate seed value. 



